Tagmap takes security seriously and follows the best security practices where possible.
If you have found a bug please send an email to security@ this domain (or use our feedback form) with information on how to reproduce it and why it poses a security risk.
If your bug matches our criteria for security-critical status you may have your name added to this page as our way of saying thanks. Severe bugs may be eligible for a financial (USD) reward as well, depending on their severity and feasibility, although this is at our own discretion, and no guarantees are made. An example of a severe bug would be remote code execution or complete database exfiltration.
The following items are not considered security bugs. This list is not exhaustive.
Tagmap is hosted using Amazon AWS. All user data is protected in-transit by strong encryption (TLS/HTTPS) using best practices (secure ciphers with HSTS and insecure connections disallowed). Confidential user information such as passwords are hashed securely using bcrypt. Many other industry-standard security practices are in use such as two-factor authentication for administration, whitelisted firewalling, isolation/separation of privileges, etc.
Keep in mind that all information added to your profile is public (excluding email, password, and with locations shown as approximations) unless otherwise specified (such as by setting your profile visibility to hidden). Only add information that you are okay with being made public. If you are concerned about the publicity of your location, please ensure your location is set a comfortable distance away from where you live, such as several miles away.
Included in this section are the names of individuals who have reported a security issue to Tagmap that resulted in a patch. Thank you for your contribution to security.